class documentation
class SNIConnectionCreator:
Implements interfaces: twisted.internet.interfaces.IOpenSSLServerConnectionCreator
(Private) IOpenSSLServerConnectionCreator implementation that creates an OpenSSL connection with a context that will switch to the appropriate one.
| Method | server | Construct an OpenSSL server connection that can react to the TLS servername callback to select an appropriate certificate based on a mapping. |
| Property | default | Create and cache the OpenSSL context that connections will initially be using. This constructs a default context which doesn't know its domain name by delegating to self._contextLookup with None, then sets the TLS extension servername callback to get invoked to ... |
| Class Variable | _context | This method should look up an OpenSSL Context object for the given DNS name, or one that is suitable for unidentified clients. The lookup may fail and return None. |
Construct an OpenSSL server connection that can react to the TLS servername callback to select an appropriate certificate based on a mapping.
| Parameters | protocol: TLSMemoryBIOProtocol | The protocol initiating a TLS connection. |
| Returns | Connection | a newly-created connection. |
Create and cache the OpenSSL context that connections will initially be using. This constructs a default context which doesn't know its domain name by delegating to self._contextLookup with None, then sets the TLS extension servername callback to get invoked to switch contexts by doing another lookup when the client sends its servername.
| Note | The client might never send a servername at all, in which case it will be stuck. This edge case is not handled particularly well right now. Handling it better would involve some changes in this code (to hook the handshake completion callback rather than just the servername callback) as well as better ability to customize which certificate produces the default context in the implementation of _contextLookup, which is to say, mostly PEMObjects. |
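
The context switch and the missing-servername case described above, as an added example that is not txsni's own code. It uses the standard library ssl module's sni_callback in place of txsni's pyOpenSSL callback; make_lookup is a hypothetical stand-in for _contextLookup and the hostnames are constructed. The contexts carry no certificates, so each handshake stops right after the servername decision, which is the part being shown.

```python
import ssl

def make_lookup(hostnames):
    """Stand-in for _contextLookup: DNS name (or None) -> context, or None."""
    default = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    by_name = {h: ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) for h in hostnames}
    # A real deployment would load_cert_chain() on each context here.
    return lambda name: default if name is None else by_name.get(name)

def client_hello(sni):
    """Produce the bytes of a ClientHello, with or without a servername."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname=sni)
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is now waiting for the ServerHello
    return outgoing.read()

def negotiate(lookup, sni):
    """Feed one ClientHello to a server; report the servername decision."""
    result = {"name": None, "switched": False}
    initial = lookup(None)  # the default context, built without a name

    def on_servername(sslobj, name, ctx):
        chosen = lookup(name)  # second lookup, now with the client's name
        result["name"] = name
        if chosen is not None and chosen is not ctx:
            sslobj.context = chosen  # switch this connection's context
            result["switched"] = True

    initial.sni_callback = on_servername
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    incoming.write(client_hello(sni))
    server = initial.wrap_bio(incoming, outgoing, server_side=True)
    try:
        server.do_handshake()
    except ssl.SSLError:
        pass  # constructed contexts carry no certificate, so it stops here
    return result

if __name__ == "__main__":
    lookup = make_lookup(["a.example", "b.example"])  # constructed names
    for sni in ("a.example", "unknown.example", None):
        print(sni, negotiate(lookup, sni))
```

A client that sends no servername, or one the lookup does not know, leaves the connection on the default context, so whichever certificate that context holds is the one such clients are served.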